
Cannot get rid of HKLM\SOFTWARE registry, causing ads to pop up on Chrome



#1 Gorman240sx


Posted 24 February 2015 - 02:10 AM

Hello, new member in need of help. I cannot find a way to remove this registry (HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}) after deleting it with AdwCleaner. I restart my computer any time and it runs a scan first thing, after I run rkill.exe, and it still shows it as a registry and is never fully deleted. After a while (5 min), if I log into my Google Chrome web browser, it has extensions that keep getting added without my permission, and it causes ads to appear if I click a link. I appreciate any help I can receive, as this is frustrating me. Thanks

FRST.TXT INFO-----------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015

Ran by Joey Gorman (administrator) on JOEY on 24-02-2015 01:58:09
Running from C:\Users\Joey Gorman\Downloads
Loaded Profiles: Joey Gorman (Available profiles: Joey Gorman)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Brio) H:\Folder Size Add-on\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Brio) H:\Folder Size Add-on\FolderSize.exe
() C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Joey Gorman\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe [681288 2013-09-22] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => H:\Video Camer\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [UtechSmartMouseExRun] => C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exe [3511808 2013-04-12] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Run: [Logitech Vid] => H:\Video Camer\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Run: [Folder Size] => H:\Folder Size Add-on\FolderSize.exe [126976 2013-02-13] (Brio)
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {52e856d9-7ec9-11e4-8322-94de80aec7cc} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {52e860bc-7ec9-11e4-8322-94de80aec7cc} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {5424c039-6b6f-11e3-827c-94de80aec7cc} - "J:\menu.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {d6b84aba-f8af-11e3-82de-94de80aec7cc} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {d6b84ad5-f8af-11e3-82de-94de80aec7cc} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> H:\Video Camer\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52404;https=127.0.0.1:52404
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-254711952-2534833223-455870803-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Java\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DEC3F7C6-ABD4-4F22-9644-27D331359F21}: [NameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> H:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> H:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Joey Gorman\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.reddit.com/r/leagueoflegends", "hxxp://www.twitch.tv/"
CHR Profile: C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Adblock Plus) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 b036974b; c:\Program Files (x86)\SystemPassword\SystemPassword.dll [1634304 2015-02-03] () [File not signed]
R2 FolderSize; H:\Folder Size Add-on\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2012-12-17] (Apache Software Foundation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; H:\Sim City\Origin\OriginClientService.exe [1910128 2015-02-21] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 PinnacleUpdateSvc; H:\pinnacle_updater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2012-12-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-24] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 01:58 - 2015-02-24 01:58 - 00016883 _____ () C:\Users\Joey Gorman\Downloads\FRST.txt
2015-02-24 01:57 - 2015-02-24 01:58 - 00000000 ____D () C:\FRST
2015-02-24 01:57 - 2015-02-24 01:57 - 02087424 _____ (Farbar) C:\Users\Joey Gorman\Downloads\FRST64 (1).exe
2015-02-24 01:56 - 2015-02-24 01:56 - 02087424 _____ (Farbar) C:\Users\Joey Gorman\Downloads\FRST64.exe
2015-02-24 01:41 - 2015-02-24 01:41 - 00852594 _____ () C:\Users\Joey Gorman\Downloads\SecurityCheck.exe
2015-02-24 01:36 - 2015-02-24 01:36 - 00000000 ____D () C:\OETemp
2015-02-24 01:33 - 2015-02-24 01:33 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Joey Gorman\Downloads\avira_en_av___ws.exe
2015-02-24 01:28 - 2015-02-24 01:28 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\CrashDumps
2015-02-24 01:23 - 2015-02-24 01:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Deployment
2015-02-24 01:23 - 2015-02-24 01:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Apps\2.0
2015-02-24 01:21 - 2015-02-24 01:21 - 00002439 _____ () C:\Users\Joey Gorman\AppData\Local\FluxSoftware - Shortcut.lnk
2015-02-24 01:19 - 2015-02-24 01:19 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\VirtualStore
2015-02-24 01:08 - 2015-02-24 01:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 01:06 - 2015-02-24 01:23 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 01:06 - 2015-02-24 01:11 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 01:06 - 2015-02-24 01:06 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-24 01:06 - 2015-02-24 01:06 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-24 01:06 - 2015-02-24 01:06 - 00002284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 01:06 - 2015-02-24 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 01:05 - 2015-02-24 01:05 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-02-24 00:57 - 2015-02-24 01:23 - 00002520 _____ () C:\Users\Joey Gorman\Desktop\Rkill.txt
2015-02-24 00:55 - 2015-02-24 00:54 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Joey Gorman\Desktop\rkill.exe
2015-02-24 00:48 - 2015-02-24 01:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-24 00:48 - 2015-02-24 00:48 - 15536728 _____ () C:\Users\Joey Gorman\Desktop\RogueKiller.exe
2015-02-24 00:48 - 2015-02-24 00:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-24 00:30 - 2015-02-24 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 00:30 - 2015-02-24 00:30 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Joey Gorman\Downloads\mbar-1.09.1.1004.exe
2015-02-24 00:29 - 2015-02-24 00:36 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\mbar
2015-02-24 00:29 - 2015-02-24 00:29 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Joey Gorman\Downloads\mbar-1.08.3.1004.exe
2015-02-24 00:12 - 2015-02-24 00:12 - 00001181 _____ () C:\Users\Joey Gorman\Desktop\iexplore.exe - Shortcut.lnk
2015-02-24 00:09 - 2015-02-24 01:53 - 00000000 ____D () C:\AdwCleaner
2015-02-24 00:09 - 2015-02-24 00:09 - 02126848 _____ () C:\Users\Joey Gorman\Downloads\iexplore.exe
2015-02-23 23:41 - 2015-02-23 23:57 - 00000773 _____ () C:\DelFix.txt
2015-02-23 23:41 - 2015-02-23 23:41 - 00000000 ____D () C:\Windows\ERUNT
2015-02-23 23:01 - 2015-02-24 01:46 - 00128707 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 23:00 - 2015-02-24 01:23 - 00004370 _____ () C:\Windows\PFRO.log
2015-02-23 23:00 - 2015-02-24 01:23 - 00004292 _____ () C:\Windows\setupact.log
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 10:33 - 2015-02-23 10:33 - 00362576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 10:03 - 2013-09-04 16:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-02-23 10:03 - 2013-05-23 10:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-02-23 09:54 - 2014-07-07 11:29 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\tron
2015-02-23 09:51 - 2014-07-07 10:58 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\screenshots
2015-02-23 09:50 - 2015-02-23 09:50 - 459540917 _____ () C:\Users\Joey Gorman\Downloads\Tron v1.2 (2014-07-07).7z
2015-02-20 22:08 - 2015-02-20 22:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Steam
2015-02-16 21:07 - 2015-02-16 21:07 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2015-02-16 20:22 - 2015-02-16 20:22 - 00000214 _____ () C:\Users\Joey Gorman\Desktop\Dungeon Defenders.url
2015-02-12 23:24 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 23:24 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:08 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 02:08 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 02:08 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 02:08 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 02:08 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 02:08 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 02:08 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 02:08 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 02:08 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 02:07 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 02:07 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 02:07 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 02:07 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 02:07 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 02:07 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 02:07 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 02:07 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 02:07 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 02:07 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 02:07 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 02:07 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 02:07 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 02:07 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 02:07 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 02:07 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 02:07 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 02:07 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 02:07 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 02:07 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 02:07 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 02:07 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 02:07 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 02:07 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 02:07 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 02:07 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 02:07 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 02:07 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 02:07 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 02:07 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 02:07 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 02:07 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 02:07 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 02:07 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 02:07 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 02:07 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 02:07 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 02:07 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 02:07 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 02:07 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 02:07 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 02:07 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 02:07 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 02:07 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 02:07 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 02:07 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 02:07 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 02:07 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 02:07 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 02:07 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 02:07 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 02:07 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 02:07 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 02:07 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 02:07 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 02:07 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-04 20:25 - 2015-02-22 21:52 - 00000020 _____ () C:\Users\Joey Gorman\AppData\Roaming\appdataFr3.bin
2015-02-04 00:51 - 2015-02-04 00:51 - 00000936 _____ () C:\Users\Joey Gorman\Desktop\Play Army Men RTS.lnk
2015-02-04 00:51 - 2015-02-04 00:51 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Army Men RTS
2015-02-04 00:51 - 2015-02-04 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Army Men RTS
2015-02-03 22:54 - 2015-02-03 22:54 - 00000000 ____D () C:\Program Files (x86)\SystemPassword
2015-01-31 14:33 - 2015-01-31 14:33 - 00000215 _____ () C:\Users\Joey Gorman\Desktop\H1Z1.url
2015-01-29 22:11 - 2015-01-29 22:18 - 00000000 ____D () C:\Users\Joey Gorman\Documents\UtechSmart Gaming Mouse
2015-01-29 22:11 - 2015-01-29 22:11 - 00001280 _____ () C:\Users\Public\Desktop\UtechSmart Precision Laser Gaming Mouse.lnk
2015-01-29 22:11 - 2015-01-29 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UtechSmart Precision Laser Gaming Mouse
2015-01-29 22:11 - 2015-01-29 22:11 - 00000000 ____D () C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse
2015-01-29 21:55 - 2015-01-29 21:55 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Risk_of_Rain
2015-01-25 17:07 - 2015-01-25 17:07 - 00000000 ____D () C:\Users\Joey Gorman\Documents\WB Games
2015-01-25 17:07 - 2015-01-25 17:07 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-25 17:02 - 2015-01-25 17:02 - 00002158 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-01-25 17:02 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-25 17:01 - 2015-01-12 23:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-25 17:01 - 2015-01-12 23:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-25 17:01 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-01-25 14:59 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-25 14:59 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 02:10 - 2013-12-16 04:30 - 00000000 _____ () C:\Recovery.txt
2015-02-24 01:57 - 2012-12-17 04:33 - 00210944 _____ () C:\Windows\SysWOW64\freqdb.db
2015-02-24 01:53 - 2014-05-27 05:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 01:41 - 2013-11-16 14:38 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254711952-2534833223-455870803-1001
2015-02-24 01:36 - 2013-12-03 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-24 01:35 - 2013-11-16 14:41 - 00027032 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-02-24 01:30 - 2013-11-16 14:27 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 01:23 - 2014-04-06 12:01 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-24 01:23 - 2014-04-05 16:15 - 00000000 __RDO () C:\Users\Joey Gorman\SkyDrive
2015-02-24 01:23 - 2013-11-16 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 01:23 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 01:20 - 2013-11-16 14:25 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Packages
2015-02-24 01:06 - 2013-11-16 14:49 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Google
2015-02-24 01:06 - 2013-11-16 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-24 01:03 - 2014-01-02 00:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-24 01:02 - 2014-01-02 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 01:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-24 00:56 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-24 00:30 - 2014-08-24 15:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 00:30 - 2014-08-24 15:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 22:21 - 2013-11-16 14:42 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E62A97A2-8622-4FAA-9DE9-1E87702F4BE7}
2015-02-23 10:03 - 2013-11-16 14:20 - 00000000 ____D () C:\Windows\Panther
2015-02-21 16:18 - 2014-08-31 18:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Spotify
2015-02-21 11:50 - 2014-01-10 18:29 - 00000000 ____D () C:\ProgramData\Origin
2015-02-21 04:49 - 2013-11-24 01:13 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\OBS
2015-02-20 22:14 - 2014-08-31 18:09 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Spotify
2015-02-16 20:22 - 2013-11-17 15:30 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-14 06:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-13 20:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 05:04 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-11 05:51 - 2013-11-18 19:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 05:49 - 2013-11-18 19:08 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 13:38 - 2013-11-16 14:25 - 00000000 ____D () C:\Users\Joey Gorman
2015-02-04 20:53 - 2014-05-27 05:47 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:45 - 2014-07-26 19:26 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\uTorrent
2015-02-04 20:41 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Registration
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 01:46 - 2013-12-22 00:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\vlc
2015-01-31 23:28 - 2013-11-24 01:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-29 21:22 - 2014-04-06 12:01 - 00079217 _____ () C:\Windows\system32\lvcoinst.log
2015-01-25 17:02 - 2013-11-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2015-02-04 20:25 - 2015-02-22 21:52 - 0000020 _____ () C:\Users\Joey Gorman\AppData\Roaming\appdataFr3.bin
2015-01-13 20:14 - 2015-01-13 20:14 - 0000046 _____ () C:\Users\Joey Gorman\AppData\Roaming\Camdata.ini
2015-01-13 20:14 - 2015-01-13 20:14 - 0000408 _____ () C:\Users\Joey Gorman\AppData\Roaming\CamLayout.ini
2015-01-13 20:14 - 2015-01-13 20:14 - 0000408 _____ () C:\Users\Joey Gorman\AppData\Roaming\CamShapes.ini
2014-08-17 18:19 - 2014-09-19 00:09 - 0001409 _____ () C:\Users\Joey Gorman\AppData\Roaming\SpeedRunnersLog.txt
2015-01-13 20:01 - 2015-01-13 20:01 - 0000096 _____ () C:\Users\Joey Gorman\AppData\Roaming\version2.xml
2015-02-24 01:21 - 2015-02-24 01:21 - 0002439 _____ () C:\Users\Joey Gorman\AppData\Local\FluxSoftware - Shortcut.lnk
2013-11-16 14:06 - 2013-11-16 14:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Joey Gorman\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 22:36
 
==================== End Of Log ============================


#2 deeprybka

  • Malware Response Team

Posted 24 February 2015 - 04:13 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please rerun FRST. The Addition.txt is missing.

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Gorman240sx

  • Topic Starter

  • Members

Posted 24 February 2015 - 11:56 AM

Hello Jurgen, I feel like you can help me with my problems, even with our language barrier =D I will post both the FRST.txt file and the Addition.txt file in this post. Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Joey Gorman (administrator) on JOEY on 24-02-2015 01:58:09
Running from C:\Users\Joey Gorman\Downloads
Loaded Profiles: Joey Gorman (Available profiles: Joey Gorman)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Brio) H:\Folder Size Add-on\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Brio) H:\Folder Size Add-on\FolderSize.exe
() C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Joey Gorman\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe [681288 2013-09-22] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => H:\Video Camer\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [UtechSmartMouseExRun] => C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exe [3511808 2013-04-12] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Run: [Logitech Vid] => H:\Video Camer\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Run: [Folder Size] => H:\Folder Size Add-on\FolderSize.exe [126976 2013-02-13] (Brio)
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {52e856d9-7ec9-11e4-8322-94de80aec7cc} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {52e860bc-7ec9-11e4-8322-94de80aec7cc} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {5424c039-6b6f-11e3-827c-94de80aec7cc} - "J:\menu.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {d6b84aba-f8af-11e3-82de-94de80aec7cc} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {d6b84ad5-f8af-11e3-82de-94de80aec7cc} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> H:\Video Camer\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52404;https=127.0.0.1:52404
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-254711952-2534833223-455870803-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Java\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DEC3F7C6-ABD4-4F22-9644-27D331359F21}: [NameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> H:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> H:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Joey Gorman\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.reddit.com/r/leagueoflegends", "hxxp://www.twitch.tv/"
CHR Profile: C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Adblock Plus) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 b036974b; c:\Program Files (x86)\SystemPassword\SystemPassword.dll [1634304 2015-02-03] () [File not signed]
R2 FolderSize; H:\Folder Size Add-on\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2012-12-17] (Apache Software Foundation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; H:\Sim City\Origin\OriginClientService.exe [1910128 2015-02-21] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 PinnacleUpdateSvc; H:\pinnacle_updater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2012-12-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-24] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 01:58 - 2015-02-24 01:58 - 00016883 _____ () C:\Users\Joey Gorman\Downloads\FRST.txt
2015-02-24 01:57 - 2015-02-24 01:58 - 00000000 ____D () C:\FRST
2015-02-24 01:57 - 2015-02-24 01:57 - 02087424 _____ (Farbar) C:\Users\Joey Gorman\Downloads\FRST64 (1).exe
2015-02-24 01:56 - 2015-02-24 01:56 - 02087424 _____ (Farbar) C:\Users\Joey Gorman\Downloads\FRST64.exe
2015-02-24 01:41 - 2015-02-24 01:41 - 00852594 _____ () C:\Users\Joey Gorman\Downloads\SecurityCheck.exe
2015-02-24 01:36 - 2015-02-24 01:36 - 00000000 ____D () C:\OETemp
2015-02-24 01:33 - 2015-02-24 01:33 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Joey Gorman\Downloads\avira_en_av___ws.exe
2015-02-24 01:28 - 2015-02-24 01:28 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\CrashDumps
2015-02-24 01:23 - 2015-02-24 01:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Deployment
2015-02-24 01:23 - 2015-02-24 01:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Apps\2.0
2015-02-24 01:21 - 2015-02-24 01:21 - 00002439 _____ () C:\Users\Joey Gorman\AppData\Local\FluxSoftware - Shortcut.lnk
2015-02-24 01:19 - 2015-02-24 01:19 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\VirtualStore
2015-02-24 01:08 - 2015-02-24 01:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 01:06 - 2015-02-24 01:23 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 01:06 - 2015-02-24 01:11 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 01:06 - 2015-02-24 01:06 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-24 01:06 - 2015-02-24 01:06 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-24 01:06 - 2015-02-24 01:06 - 00002284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 01:06 - 2015-02-24 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 01:05 - 2015-02-24 01:05 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-02-24 00:57 - 2015-02-24 01:23 - 00002520 _____ () C:\Users\Joey Gorman\Desktop\Rkill.txt
2015-02-24 00:55 - 2015-02-24 00:54 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Joey Gorman\Desktop\rkill.exe
2015-02-24 00:48 - 2015-02-24 01:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-24 00:48 - 2015-02-24 00:48 - 15536728 _____ () C:\Users\Joey Gorman\Desktop\RogueKiller.exe
2015-02-24 00:48 - 2015-02-24 00:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-24 00:30 - 2015-02-24 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 00:30 - 2015-02-24 00:30 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Joey Gorman\Downloads\mbar-1.09.1.1004.exe
2015-02-24 00:29 - 2015-02-24 00:36 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\mbar
2015-02-24 00:29 - 2015-02-24 00:29 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Joey Gorman\Downloads\mbar-1.08.3.1004.exe
2015-02-24 00:12 - 2015-02-24 00:12 - 00001181 _____ () C:\Users\Joey Gorman\Desktop\iexplore.exe - Shortcut.lnk
2015-02-24 00:09 - 2015-02-24 01:53 - 00000000 ____D () C:\AdwCleaner
2015-02-24 00:09 - 2015-02-24 00:09 - 02126848 _____ () C:\Users\Joey Gorman\Downloads\iexplore.exe
2015-02-23 23:41 - 2015-02-23 23:57 - 00000773 _____ () C:\DelFix.txt
2015-02-23 23:41 - 2015-02-23 23:41 - 00000000 ____D () C:\Windows\ERUNT
2015-02-23 23:01 - 2015-02-24 01:46 - 00128707 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 23:00 - 2015-02-24 01:23 - 00004370 _____ () C:\Windows\PFRO.log
2015-02-23 23:00 - 2015-02-24 01:23 - 00004292 _____ () C:\Windows\setupact.log
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 10:33 - 2015-02-23 10:33 - 00362576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 10:03 - 2013-09-04 16:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-02-23 10:03 - 2013-05-23 10:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-02-23 09:54 - 2014-07-07 11:29 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\tron
2015-02-23 09:51 - 2014-07-07 10:58 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\screenshots
2015-02-23 09:50 - 2015-02-23 09:50 - 459540917 _____ () C:\Users\Joey Gorman\Downloads\Tron v1.2 (2014-07-07).7z
2015-02-20 22:08 - 2015-02-20 22:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Steam
2015-02-16 21:07 - 2015-02-16 21:07 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2015-02-16 20:22 - 2015-02-16 20:22 - 00000214 _____ () C:\Users\Joey Gorman\Desktop\Dungeon Defenders.url
2015-02-12 23:24 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 23:24 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:08 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 02:08 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 02:08 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 02:08 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 02:08 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 02:08 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 02:08 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 02:08 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 02:08 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 02:07 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 02:07 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 02:07 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 02:07 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 02:07 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 02:07 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 02:07 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 02:07 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 02:07 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 02:07 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 02:07 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 02:07 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 02:07 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 02:07 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 02:07 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 02:07 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 02:07 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 02:07 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 02:07 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 02:07 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 02:07 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 02:07 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 02:07 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 02:07 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 02:07 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 02:07 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 02:07 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 02:07 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 02:07 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 02:07 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 02:07 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 02:07 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 02:07 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 02:07 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 02:07 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 02:07 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 02:07 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 02:07 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 02:07 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 02:07 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 02:07 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 02:07 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 02:07 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 02:07 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 02:07 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 02:07 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 02:07 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 02:07 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 02:07 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 02:07 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 02:07 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 02:07 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 02:07 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 02:07 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 02:07 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 02:07 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-04 20:25 - 2015-02-22 21:52 - 00000020 _____ () C:\Users\Joey Gorman\AppData\Roaming\appdataFr3.bin
2015-02-04 00:51 - 2015-02-04 00:51 - 00000936 _____ () C:\Users\Joey Gorman\Desktop\Play Army Men RTS.lnk
2015-02-04 00:51 - 2015-02-04 00:51 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Army Men RTS
2015-02-04 00:51 - 2015-02-04 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Army Men RTS
2015-02-03 22:54 - 2015-02-03 22:54 - 00000000 ____D () C:\Program Files (x86)\SystemPassword
2015-01-31 14:33 - 2015-01-31 14:33 - 00000215 _____ () C:\Users\Joey Gorman\Desktop\H1Z1.url
2015-01-29 22:11 - 2015-01-29 22:18 - 00000000 ____D () C:\Users\Joey Gorman\Documents\UtechSmart Gaming Mouse
2015-01-29 22:11 - 2015-01-29 22:11 - 00001280 _____ () C:\Users\Public\Desktop\UtechSmart Precision Laser Gaming Mouse.lnk
2015-01-29 22:11 - 2015-01-29 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UtechSmart Precision Laser Gaming Mouse
2015-01-29 22:11 - 2015-01-29 22:11 - 00000000 ____D () C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse
2015-01-29 21:55 - 2015-01-29 21:55 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Risk_of_Rain
2015-01-25 17:07 - 2015-01-25 17:07 - 00000000 ____D () C:\Users\Joey Gorman\Documents\WB Games
2015-01-25 17:07 - 2015-01-25 17:07 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-25 17:02 - 2015-01-25 17:02 - 00002158 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-01-25 17:02 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-25 17:01 - 2015-01-12 23:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-25 17:01 - 2015-01-12 23:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-25 17:01 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-01-25 17:01 - 2015-01-10 03:07 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-01-25 14:59 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-25 14:59 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-24 02:10 - 2013-12-16 04:30 - 00000000 _____ () C:\Recovery.txt
2015-02-24 01:57 - 2012-12-17 04:33 - 00210944 _____ () C:\Windows\SysWOW64\freqdb.db
2015-02-24 01:53 - 2014-05-27 05:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 01:41 - 2013-11-16 14:38 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254711952-2534833223-455870803-1001
2015-02-24 01:36 - 2013-12-03 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-24 01:35 - 2013-11-16 14:41 - 00027032 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-02-24 01:30 - 2013-11-16 14:27 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 01:23 - 2014-04-06 12:01 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-24 01:23 - 2014-04-05 16:15 - 00000000 __RDO () C:\Users\Joey Gorman\SkyDrive
2015-02-24 01:23 - 2013-11-16 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 01:23 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 01:20 - 2013-11-16 14:25 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Packages
2015-02-24 01:06 - 2013-11-16 14:49 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Google
2015-02-24 01:06 - 2013-11-16 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-24 01:03 - 2014-01-02 00:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-24 01:02 - 2014-01-02 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 01:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-24 00:56 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-24 00:30 - 2014-08-24 15:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 00:30 - 2014-08-24 15:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 22:21 - 2013-11-16 14:42 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E62A97A2-8622-4FAA-9DE9-1E87702F4BE7}
2015-02-23 10:03 - 2013-11-16 14:20 - 00000000 ____D () C:\Windows\Panther
2015-02-21 16:18 - 2014-08-31 18:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Spotify
2015-02-21 11:50 - 2014-01-10 18:29 - 00000000 ____D () C:\ProgramData\Origin
2015-02-21 04:49 - 2013-11-24 01:13 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\OBS
2015-02-20 22:14 - 2014-08-31 18:09 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Spotify
2015-02-16 20:22 - 2013-11-17 15:30 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-14 06:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-13 20:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 05:04 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-11 05:51 - 2013-11-18 19:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 05:49 - 2013-11-18 19:08 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 13:38 - 2013-11-16 14:25 - 00000000 ____D () C:\Users\Joey Gorman
2015-02-04 20:53 - 2014-05-27 05:47 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:45 - 2014-07-26 19:26 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\uTorrent
2015-02-04 20:41 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Registration
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 01:46 - 2013-12-22 00:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\vlc
2015-01-31 23:28 - 2013-11-24 01:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-29 21:22 - 2014-04-06 12:01 - 00079217 _____ () C:\Windows\system32\lvcoinst.log
2015-01-25 17:02 - 2013-11-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2015-02-04 20:25 - 2015-02-22 21:52 - 0000020 _____ () C:\Users\Joey Gorman\AppData\Roaming\appdataFr3.bin
2015-01-13 20:14 - 2015-01-13 20:14 - 0000046 _____ () C:\Users\Joey Gorman\AppData\Roaming\Camdata.ini
2015-01-13 20:14 - 2015-01-13 20:14 - 0000408 _____ () C:\Users\Joey Gorman\AppData\Roaming\CamLayout.ini
2015-01-13 20:14 - 2015-01-13 20:14 - 0000408 _____ () C:\Users\Joey Gorman\AppData\Roaming\CamShapes.ini
2014-08-17 18:19 - 2014-09-19 00:09 - 0001409 _____ () C:\Users\Joey Gorman\AppData\Roaming\SpeedRunnersLog.txt
2015-01-13 20:01 - 2015-01-13 20:01 - 0000096 _____ () C:\Users\Joey Gorman\AppData\Roaming\version2.xml
2015-02-24 01:21 - 2015-02-24 01:21 - 0002439 _____ () C:\Users\Joey Gorman\AppData\Local\FluxSoftware - Shortcut.lnk
2013-11-16 14:06 - 2013-11-16 14:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Joey Gorman\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 22:36
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by Joey Gorman at 2015-02-24 01:58:27
Running from C:\Users\Joey Gorman\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.3.7 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.5.3.7 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Crayon Physics Deluxe (HKLM-x32\...\Steam App 26900) (Version:  - Kloonigames)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Evil Genius (HKLM-x32\...\Steam App 3720) (Version:  - Elixir Studios)
Folder Size (HKLM-x32\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.6 - Brio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.2022 - Marvell)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
My Game Long Name (HKLM\...\UDK-672ee946-7723-408d-8964-ccda7ae7c638) (Version:  - Epic Games, Inc.)
NBA 2K15 (HKLM-x32\...\Steam App 282350) (Version:  - Visual Concepts)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 5.0.0 - )
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version:  - BUGBEAR)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUGC Modpack For Simcity 2013 (HKLM-x32\...\SUGC Modpack For Simcity 2013) (Version: 1.0 - Sugc)
Synthesia (HKLM-x32\...\Synthesia) (Version: 9 - Synthesia LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
UtechSmart Precision Laser Gaming Mouse version 1.0 (HKLM-x32\...\{EDD9C72D-585E-47BB-B86B-E5C72850A0A7}_is1) (Version: 1.0 - UtechSmart Technology)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-254711952-2534833223-455870803-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-254711952-2534833223-455870803-1001_Classes\CLSID\{dee3349f-bf83-4c10-ad48-dcf17a09afaf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-02-2015 23:57:33 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1EA7F143-338C-4C0D-8627-2228D45189F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {28D25399-F5CE-4041-B4FC-86C4E2E64FF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {702FFA28-CF5D-4ED8-B481-AB928381280B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {959826A2-1315-49D8-B129-2854EB695FF3} - \GPUP No Task File <==== ATTENTION
Task: {A32DC33B-0F97-46D2-9E2B-FFF6905D9F16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A3EC1B6E-C8B9-43DD-A6AA-E1E05A3FC6CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {D039A837-7975-44EA-B781-A5B9067E34CA} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {DEAF95D9-CDA4-4E70-9483-A493019ED799} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-11-16 15:40 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-22 21:01 - 2013-09-22 21:01 - 00681288 _____ () C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe
2012-12-17 04:15 - 2012-12-17 04:15 - 00073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2013-11-16 14:21 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-24 01:06 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-24 01:06 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-24 01:06 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-24 01:06 - 2015-02-17 17:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Joey Gorman\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Joey Gorman\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey Gorman\Pictures\Stream\nissan-240sx-import-turner-hd-wallpaper-574779.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run32: => "RaidCall"
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\StartupApproved\Run: => "Logitech Vid"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-254711952-2534833223-455870803-500 - Administrator - Disabled)
Guest (S-1-5-21-254711952-2534833223-455870803-501 - Limited - Disabled)
Joey Gorman (S-1-5-21-254711952-2534833223-455870803-1001 - Administrator - Enabled) => C:\Users\Joey Gorman
 
==================== Faulty Device Manager Devices =============
 
Name: Logitech Mic (Notebooks Pro)
Description: Logitech Mic (Notebooks Pro)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: usbaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2015 01:28:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UtechSmartMonEx.exe, version: 1.2.0.103, time stamp: 0x51678043
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x1738
Faulting application start time: 0xUtechSmartMonEx.exe0
Faulting application path: UtechSmartMonEx.exe1
Faulting module path: UtechSmartMonEx.exe2
Report Id: UtechSmartMonEx.exe3
Faulting package full name: UtechSmartMonEx.exe4
Faulting package-relative application ID: UtechSmartMonEx.exe5
 
Error: (02/24/2015 01:23:35 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .
 
Error: (02/24/2015 01:15:23 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .
 
Error: (02/24/2015 01:11:07 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .
 
Error: (02/24/2015 01:05:21 AM) (Source: MsiInstaller) (EventID: 11721) (User: JOEY)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
 
Error: (02/24/2015 01:04:33 AM) (Source: MsiInstaller) (EventID: 11721) (User: JOEY)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer
 
Error: (02/24/2015 00:57:16 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .
 
Error: (02/24/2015 00:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Monitor.exe, version: 1.3.3.3, time stamp: 0x52cdfbf8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x8cb18802
Faulting process id: 0x1194
Faulting application start time: 0xMonitor.exe0
Faulting application path: Monitor.exe1
Faulting module path: Monitor.exe2
Report Id: Monitor.exe3
Faulting package full name: Monitor.exe4
Faulting package-relative application ID: Monitor.exe5
 
Error: (02/24/2015 00:16:00 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .
 
Error: (02/24/2015 00:13:51 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName     .
 
 
System errors:
=============
Error: (02/24/2015 01:35:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/24/2015 01:35:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/24/2015 01:24:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (02/24/2015 01:23:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASGT service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/24/2015 01:15:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASGT service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/24/2015 01:14:53 AM) (Source: DCOM) (EventID: 10005) (User: JOEY)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (02/24/2015 01:14:53 AM) (Source: DCOM) (EventID: 10005) (User: JOEY)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/24/2015 01:14:48 AM) (Source: DCOM) (EventID: 10005) (User: JOEY)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/24/2015 01:14:12 AM) (Source: DCOM) (EventID: 10005) (User: JOEY)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (02/24/2015 01:13:58 AM) (Source: DCOM) (EventID: 10005) (User: JOEY)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (02/24/2015 01:28:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: UtechSmartMonEx.exe1.2.0.10351678043KERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f71173801d04ffa759f3b05C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exeC:\Windows\SYSTEM32\KERNELBASE.dll52580bc2-bbee-11e4-8351-94de80aec7cc
 
Error: (02/24/2015 01:23:35 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName
 
Error: (02/24/2015 01:15:23 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName
 
Error: (02/24/2015 01:11:07 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName
 
Error: (02/24/2015 01:05:21 AM) (Source: MsiInstaller) (EventID: 11721) (User: JOEY)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/24/2015 01:04:33 AM) (Source: MsiInstaller) (EventID: 11721) (User: JOEY)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/24/2015 00:57:16 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName
 
Error: (02/24/2015 00:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Monitor.exe1.3.3.352cdfbf8unknown0.0.0.000000000c00000058cb18802119401d04ff0fd8a9ddeC:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exeunknown3eb97f14-bbe4-11e4-834c-94de80aec7cc
 
Error: (02/24/2015 00:16:00 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName
 
Error: (02/24/2015 00:13:51 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service namedreported the following error:
>>>httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.16 for ServerName
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-24 00:13:55.009
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-15 22:37:36.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 22:37:36.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 23:59:48.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 23:59:48.058
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 23:59:47.989
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 23:59:47.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 02:19:39.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 02:19:39.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-10 02:19:39.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16339.16 MB
Available physical RAM: 13550.9 MB
Total Pagefile: 18771.16 MB
Available Pagefile: 15959.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (90 GB SSD) (Fixed) (Total:83.5 GB) (Free:31.62 GB) NTFS
Drive h: (2 TB Hard Drive) (Fixed) (Total:1863.01 GB) (Free:1571.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3FCCCC6D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:51 AM

Posted 24 February 2015 - 04:17 PM

Step 1
Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Edited by deeprybka, 24 February 2015 - 04:17 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Gorman240sx

Gorman240sx
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:51 PM

Posted 24 February 2015 - 08:17 PM

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 20:15:41
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Joey Gorman - JOEY
# Running from : C:\Users\Joey Gorman\Downloads\iexplore.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [845 bytes] - [24/02/2015 00:09:21]
AdwCleaner[R10].txt - [1587 bytes] - [24/02/2015 01:24:55]
AdwCleaner[R11].txt - [1647 bytes] - [24/02/2015 01:52:41]
AdwCleaner[R12].txt - [1707 bytes] - [24/02/2015 20:14:41]
AdwCleaner[R1].txt - [2031 bytes] - [24/02/2015 00:14:08]
AdwCleaner[R2].txt - [2090 bytes] - [24/02/2015 00:14:51]
AdwCleaner[R3].txt - [1079 bytes] - [24/02/2015 00:16:12]
AdwCleaner[R4].txt - [1138 bytes] - [24/02/2015 00:36:17]
AdwCleaner[R5].txt - [1198 bytes] - [24/02/2015 00:44:51]
AdwCleaner[R6].txt - [1257 bytes] - [24/02/2015 00:46:29]
AdwCleaner[R7].txt - [2444 bytes] - [24/02/2015 00:55:53]
AdwCleaner[R8].txt - [1434 bytes] - [24/02/2015 01:01:06]
AdwCleaner[R9].txt - [1794 bytes] - [24/02/2015 01:13:59]
AdwCleaner[S0].txt - [4438 bytes] - [24/02/2015 00:15:27]
AdwCleaner[S1].txt - [4792 bytes] - [24/02/2015 00:56:36]
AdwCleaner[S2].txt - [2478 bytes] - [24/02/2015 01:14:50]
AdwCleaner[S3].txt - [1636 bytes] - [24/02/2015 20:15:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1695  bytes] ##########


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:51 AM

Posted 25 February 2015 - 01:25 PM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:52404;https=127.0.0.1:52404
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S2 b036974b; c:\Program Files (x86)\SystemPassword\SystemPassword.dll [1634304 2015-02-03] () [File not signed]
    c:\Program Files (x86)\SystemPassword
    Task: {959826A2-1315-49D8-B129-2854EB695FF3} - \GPUP No Task File 
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    File: "C:\Windows\SysWOW64\zlib.dll"
    Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
    Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
    [-HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Gorman240sx

Gorman240sx
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:51 PM

Posted 25 February 2015 - 09:32 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Joey Gorman at 2015-02-25 21:27:13 Run:1
Running from C:\Users\Joey Gorman\Downloads
Loaded Profiles: Joey Gorman (Available profiles: Joey Gorman)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52404;https=127.0.0.1:52404
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 b036974b; c:\Program Files (x86)\SystemPassword\SystemPassword.dll [1634304 2015-02-03] () [File not signed]
c:\Program Files (x86)\SystemPassword
Task: {959826A2-1315-49D8-B129-2854EB695FF3} - \GPUP No Task File 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
File: "C:\Windows\SysWOW64\zlib.dll"
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
[-HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
b036974b => Service deleted successfully.
c:\Program Files (x86)\SystemPassword => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{959826A2-1315-49D8-B129-2854EB695FF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{959826A2-1315-49D8-B129-2854EB695FF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
 
========================= File: "C:\Windows\SysWOW64\zlib.dll" ========================
 
MD5: 6489193F5F2233EAF4E7E0700540FF12
Creation and modification date: 2013-12-16 21:45 - 2013-12-17 00:00
Size: 0119296
Attributes: ----A
Company Name: 
Internal Name: zlib
Original Name: zlib.dll
Product Name: ZLib.DLL
Description: zlib data compression library
File Version: 1.2.3.0
Product Version: 
Copyright: © 1995-2003 Jean-loup Gailly & Mark Adler
 
====== End Of File: ======
 
 
========= Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => Key not found. 
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:28:24 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Joey Gorman (administrator) on JOEY on 25-02-2015 21:31:42
Running from C:\Users\Joey Gorman\Downloads
Loaded Profiles: Joey Gorman (Available profiles: Joey Gorman)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Brio) H:\Folder Size Add-on\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Joey Gorman\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Brio) H:\Folder Size Add-on\FolderSize.exe
(Curse) C:\Users\Joey Gorman\AppData\Local\Apps\2.0\17G5940Z.EJ3\QD0XQB8X.MQ9\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
() C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\StorageTray.exe [681288 2013-09-22] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => H:\Video Camer\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [UtechSmartMouseExRun] => C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse\UtechSmartMonEx.exe [3511808 2013-04-12] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Run: [Logitech Vid] => H:\Video Camer\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\Run: [Folder Size] => H:\Folder Size Add-on\FolderSize.exe [126976 2013-02-13] (Brio)
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {52e856d9-7ec9-11e4-8322-94de80aec7cc} - "D:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {52e860bc-7ec9-11e4-8322-94de80aec7cc} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {5424c039-6b6f-11e3-827c-94de80aec7cc} - "J:\menu.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {d6b84aba-f8af-11e3-82de-94de80aec7cc} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-254711952-2534833223-455870803-1001\...\MountPoints2: {d6b84ad5-f8af-11e3-82de-94de80aec7cc} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> H:\Video Camer\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-254711952-2534833223-455870803-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> H:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> H:\Java\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DEC3F7C6-ABD4-4F22-9644-27D331359F21}: [NameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> H:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> H:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Joey Gorman\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.reddit.com/r/leagueoflegends", "hxxp://www.twitch.tv/"
CHR Profile: C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Adblock Plus) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Joey Gorman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 FolderSize; H:\Folder Size Add-on\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2012-12-17] (Apache Software Foundation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; H:\Sim City\Origin\OriginClientService.exe [1910128 2015-02-21] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 PinnacleUpdateSvc; H:\pinnacle_updater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2012-12-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-24] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 netr28x; \SystemRoot\system32\DRIVERS\netr28x.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 21:26 - 2015-02-25 21:26 - 00000000 ____D () C:\Users\Joey Gorman\Downloads\FRST-OlderVersion
2015-02-25 21:24 - 2015-02-25 21:24 - 00001399 _____ () C:\Users\Joey Gorman\Documents\fixlist.txt
2015-02-24 20:17 - 2015-02-24 20:17 - 00000318 _____ () C:\Users\Joey Gorman\Desktop\Curse Client.appref-ms
2015-02-24 20:17 - 2015-02-24 20:17 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-02-24 02:10 - 2015-02-24 02:10 - 00040937 _____ () C:\Users\Joey Gorman\Documents\FRST.txt
2015-02-24 02:10 - 2015-02-24 02:10 - 00030989 _____ () C:\Users\Joey Gorman\Documents\Addition.txt
2015-02-24 02:10 - 2015-02-24 02:10 - 00000961 _____ () C:\Users\Joey Gorman\Documents\checkup.txt
2015-02-24 02:09 - 2015-02-24 02:09 - 00001647 _____ () C:\Users\Joey Gorman\Documents\AdwCleaner[R11].txt
2015-02-24 01:58 - 2015-02-25 21:31 - 00016155 _____ () C:\Users\Joey Gorman\Downloads\FRST.txt
2015-02-24 01:58 - 2015-02-24 01:58 - 00030989 _____ () C:\Users\Joey Gorman\Downloads\Addition.txt
2015-02-24 01:57 - 2015-02-25 21:31 - 00000000 ____D () C:\FRST
2015-02-24 01:56 - 2015-02-25 21:26 - 02087936 _____ (Farbar) C:\Users\Joey Gorman\Downloads\FRST64.exe
2015-02-24 01:41 - 2015-02-24 01:41 - 00852594 _____ () C:\Users\Joey Gorman\Downloads\SecurityCheck.exe
2015-02-24 01:36 - 2015-02-24 01:36 - 00000000 ____D () C:\OETemp
2015-02-24 01:33 - 2015-02-24 01:33 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Joey Gorman\Downloads\avira_en_av___ws.exe
2015-02-24 01:28 - 2015-02-24 01:28 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\CrashDumps
2015-02-24 01:23 - 2015-02-25 21:29 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Deployment
2015-02-24 01:23 - 2015-02-24 01:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Apps\2.0
2015-02-24 01:21 - 2015-02-24 01:21 - 00002439 _____ () C:\Users\Joey Gorman\AppData\Local\FluxSoftware - Shortcut.lnk
2015-02-24 01:19 - 2015-02-24 01:19 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\VirtualStore
2015-02-24 01:08 - 2015-02-24 01:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 01:06 - 2015-02-25 21:29 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 01:06 - 2015-02-25 10:11 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 01:06 - 2015-02-24 01:06 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-24 01:06 - 2015-02-24 01:06 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-24 01:06 - 2015-02-24 01:06 - 00002284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 01:06 - 2015-02-24 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 01:05 - 2015-02-24 01:05 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-02-24 00:57 - 2015-02-24 01:23 - 00002520 _____ () C:\Users\Joey Gorman\Desktop\Rkill.txt
2015-02-24 00:55 - 2015-02-24 00:54 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Joey Gorman\Desktop\rkill.exe
2015-02-24 00:48 - 2015-02-24 01:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-24 00:48 - 2015-02-24 00:48 - 15536728 _____ () C:\Users\Joey Gorman\Desktop\RogueKiller.exe
2015-02-24 00:48 - 2015-02-24 00:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-24 00:30 - 2015-02-24 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 00:30 - 2015-02-24 00:30 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Joey Gorman\Downloads\mbar-1.09.1.1004.exe
2015-02-24 00:29 - 2015-02-24 00:36 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\mbar
2015-02-24 00:29 - 2015-02-24 00:29 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Joey Gorman\Downloads\mbar-1.08.3.1004.exe
2015-02-24 00:12 - 2015-02-24 00:12 - 00001181 _____ () C:\Users\Joey Gorman\Desktop\iexplore.exe - Shortcut.lnk
2015-02-24 00:09 - 2015-02-24 20:15 - 00000000 ____D () C:\AdwCleaner
2015-02-24 00:09 - 2015-02-24 00:09 - 02126848 _____ () C:\Users\Joey Gorman\Downloads\iexplore.exe
2015-02-23 23:41 - 2015-02-23 23:57 - 00000773 _____ () C:\DelFix.txt
2015-02-23 23:41 - 2015-02-23 23:41 - 00000000 ____D () C:\Windows\ERUNT
2015-02-23 23:01 - 2015-02-25 21:28 - 00795136 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 23:00 - 2015-02-25 21:29 - 00005220 _____ () C:\Windows\setupact.log
2015-02-23 23:00 - 2015-02-25 21:28 - 00004962 _____ () C:\Windows\PFRO.log
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 10:33 - 2015-02-23 10:33 - 00362576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 10:03 - 2013-09-04 16:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-02-23 10:03 - 2013-05-23 10:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-02-23 09:54 - 2014-07-07 11:29 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\tron
2015-02-23 09:51 - 2014-07-07 10:58 - 00000000 ____D () C:\Users\Joey Gorman\Desktop\screenshots
2015-02-23 09:50 - 2015-02-23 09:50 - 459540917 _____ () C:\Users\Joey Gorman\Downloads\Tron v1.2 (2014-07-07).7z
2015-02-20 22:08 - 2015-02-20 22:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Steam
2015-02-16 21:07 - 2015-02-16 21:07 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders
2015-02-16 20:22 - 2015-02-16 20:22 - 00000214 _____ () C:\Users\Joey Gorman\Desktop\Dungeon Defenders.url
2015-02-12 23:24 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 23:24 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:08 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 02:08 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 02:08 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 02:08 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 02:08 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 02:08 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 02:08 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 02:08 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 02:08 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 02:07 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 02:07 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 02:07 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 02:07 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 02:07 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 02:07 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 02:07 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 02:07 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 02:07 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 02:07 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 02:07 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 02:07 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 02:07 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 02:07 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 02:07 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 02:07 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 02:07 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 02:07 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 02:07 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 02:07 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 02:07 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 02:07 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 02:07 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 02:07 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 02:07 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 02:07 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 02:07 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 02:07 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 02:07 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 02:07 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 02:07 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 02:07 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 02:07 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 02:07 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 02:07 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 02:07 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 02:07 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 02:07 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 02:07 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 02:07 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 02:07 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 02:07 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 02:07 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 02:07 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 02:07 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 02:07 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 02:07 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 02:07 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 02:07 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 02:07 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 02:07 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 02:07 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 02:07 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 02:07 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 02:07 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 02:07 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-04 20:25 - 2015-02-22 21:52 - 00000020 _____ () C:\Users\Joey Gorman\AppData\Roaming\appdataFr3.bin
2015-02-04 00:51 - 2015-02-04 00:51 - 00000936 _____ () C:\Users\Joey Gorman\Desktop\Play Army Men RTS.lnk
2015-02-04 00:51 - 2015-02-04 00:51 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Army Men RTS
2015-02-04 00:51 - 2015-02-04 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Army Men RTS
2015-01-31 14:33 - 2015-01-31 14:33 - 00000215 _____ () C:\Users\Joey Gorman\Desktop\H1Z1.url
2015-01-29 22:11 - 2015-01-29 22:18 - 00000000 ____D () C:\Users\Joey Gorman\Documents\UtechSmart Gaming Mouse
2015-01-29 22:11 - 2015-01-29 22:11 - 00001280 _____ () C:\Users\Public\Desktop\UtechSmart Precision Laser Gaming Mouse.lnk
2015-01-29 22:11 - 2015-01-29 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UtechSmart Precision Laser Gaming Mouse
2015-01-29 22:11 - 2015-01-29 22:11 - 00000000 ____D () C:\Program Files (x86)\UtechSmart Precision Laser Gaming Mouse
2015-01-29 21:55 - 2015-01-29 21:55 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Risk_of_Rain
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 21:31 - 2012-12-17 04:33 - 00211968 _____ () C:\Windows\SysWOW64\freqdb.db
2015-02-25 21:29 - 2014-08-29 20:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 21:29 - 2014-04-06 12:01 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-02-25 21:29 - 2014-04-05 16:15 - 00000000 __RDO () C:\Users\Joey Gorman\SkyDrive
2015-02-25 21:29 - 2013-11-16 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 21:29 - 2013-11-16 14:41 - 00027240 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-02-25 21:29 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 21:28 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-25 21:27 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-25 21:26 - 2013-11-16 14:42 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E62A97A2-8622-4FAA-9DE9-1E87702F4BE7}
2015-02-25 21:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-25 09:53 - 2014-05-27 05:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 20:22 - 2013-11-16 14:38 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-254711952-2534833223-455870803-1001
2015-02-24 20:22 - 2013-11-16 14:27 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 20:11 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-24 02:10 - 2013-12-16 04:30 - 00000000 _____ () C:\Recovery.txt
2015-02-24 01:36 - 2013-12-03 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-24 01:20 - 2013-11-16 14:25 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Packages
2015-02-24 01:06 - 2013-11-16 14:49 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Google
2015-02-24 01:06 - 2013-11-16 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-24 01:03 - 2014-01-02 00:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-24 01:02 - 2014-01-02 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 00:30 - 2014-08-24 15:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 00:30 - 2014-08-24 15:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 10:03 - 2013-11-16 14:20 - 00000000 ____D () C:\Windows\Panther
2015-02-21 16:18 - 2014-08-31 18:08 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Spotify
2015-02-21 11:50 - 2014-01-10 18:29 - 00000000 ____D () C:\ProgramData\Origin
2015-02-21 04:49 - 2013-11-24 01:13 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\OBS
2015-02-20 22:14 - 2014-08-31 18:09 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Local\Spotify
2015-02-16 20:22 - 2013-11-17 15:30 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-14 06:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-13 20:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-11 05:51 - 2013-11-18 19:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 05:49 - 2013-11-18 19:08 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 13:38 - 2013-11-16 14:25 - 00000000 ____D () C:\Users\Joey Gorman
2015-02-04 20:53 - 2014-05-27 05:47 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:45 - 2014-07-26 19:26 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\uTorrent
2015-02-04 20:41 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Registration
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 01:46 - 2013-12-22 00:23 - 00000000 ____D () C:\Users\Joey Gorman\AppData\Roaming\vlc
2015-01-31 23:28 - 2013-11-24 01:13 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-29 21:22 - 2014-04-06 12:01 - 00079217 _____ () C:\Windows\system32\lvcoinst.log
 
==================== Files in the root of some directories =======
 
2015-02-04 20:25 - 2015-02-22 21:52 - 0000020 _____ () C:\Users\Joey Gorman\AppData\Roaming\appdataFr3.bin
2015-01-13 20:14 - 2015-01-13 20:14 - 0000046 _____ () C:\Users\Joey Gorman\AppData\Roaming\Camdata.ini
2015-01-13 20:14 - 2015-01-13 20:14 - 0000408 _____ () C:\Users\Joey Gorman\AppData\Roaming\CamLayout.ini
2015-01-13 20:14 - 2015-01-13 20:14 - 0000408 _____ () C:\Users\Joey Gorman\AppData\Roaming\CamShapes.ini
2014-08-17 18:19 - 2014-09-19 00:09 - 0001409 _____ () C:\Users\Joey Gorman\AppData\Roaming\SpeedRunnersLog.txt
2015-01-13 20:01 - 2015-01-13 20:01 - 0000096 _____ () C:\Users\Joey Gorman\AppData\Roaming\version2.xml
2015-02-24 01:21 - 2015-02-24 01:21 - 0002439 _____ () C:\Users\Joey Gorman\AppData\Local\FluxSoftware - Shortcut.lnk
2013-11-16 14:06 - 2013-11-16 14:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Joey Gorman\AppData\Local\Temp\8v5p-ffd.dll
C:\Users\Joey Gorman\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Joey Gorman\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey Gorman\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-19 22:36
 
==================== End Of Log ============================


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:51 AM

Posted 26 February 2015 - 03:33 AM

Step 1

Scan with AdwCleaner (by Xplode).

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 deeprybka


Posted 02 March 2015 - 12:48 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#10 deeprybka


Posted 04 March 2015 - 03:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



